The Notorious Lazarus Hacker Group Resurfaces In 2024 With A Fake NFT Game

The Lazarus Group, a notorious hacker group made up of an unknown number of individuals alleged to be run by the North Korean government, has resurfaced after several months of silence. In its recent incident, the hacker group used a fake, non-fungible token-based game on Google’s internet browser (Chrome) and installed spyware that stole crypto and NFT wallet credentials.

Lazarus Crypto Hacker Group Resurfaces Online

In an October 24 blog post, Cointelegraph.com, a renowned crypto media platform, confirmed that the Lazarus hacker group has resurfaced online after moving underwaters for several months. The Lazarus hacker group started by launching a fake non-fungible token game on Chrome and installing spyware that stole confidential information from crypto users in the fake game.

The #NorthKorean #Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #Hacking #cybersecurity https://t.co/wMBJUipAq4

— Anonymous🐾🐈‍⬛ (@YourAnonRiots) October 23, 2024

Lazarus Group is a North Korean state-sponsored cyber threat group linked to the North Korean Reconnaissance General Bureau (RGB). The North Korean Intelligence Agency (NKRGB) was created to spy, conduct covert operations, and engage in cyber espionage. Since its inception, the RGB has been spending much of its time and attention gathering data and attempting to infiltrate crypto funds from South Korea, the United States, and Japan.

The Lazarus Group came into the spotlight in 2021 after Sky Mavis, the developer of the popular blockchain-based video game Axie Infinity, suffered a breach that caused the loss of hundreds of millions of dollars in assets. After a thorough investigation, the FBI formally attributed the attack to the Lazarus Group. North Korean hackers have a history of crypto heists, having stolen over $3 billion as of December 2023.

Lazarus Hacker Group Strike Again In 2024

Based on the Cointelegraph report, Kaspersky Labs analysts noticed the exploit in May and reported it to Google, which fixed it several days later. The hackers launched a play-to-earn multiplayer online battle arena game and promoted it on LinkedIn and X. The game duped DeTankZone using non-fungible tokens as tanks in a worldwide competition. The fake NFT game was revealed and flagged by the Microsoft Security Team in February 2024.

Screenshot from Lazarus Group’s fake game. Source: SecureList

The Northern Korean hackers had removed the exploit from the website before Kaspersky could analyze it. The Kaspersky Labs informed Google of it anyway, and Google fixed the vulnerability in Chrome before the hackers could use it again. In the meantime, the number of victims affected by this breach is still unknown. Users who previously interacted with the game are advised to reset all their passwords.

Related NFT News:

Most Searched Crypto Launch – Pepe Unchained

• Layer 2 Meme Coin Ecosystem
• Featured in Cointelegraph
• SolidProof & Coinsult Audited
• Staking Rewards – pepeunchained.com
• $10+ Million Raised at ICO – Ends Soon